Ilungiselela i-Mikrotik, idiliza amarekhodi rdp ne-ftp. Indlela yokwenza ukuthutha kwechweba ku-Mikrotik?

Ama-brand router ama-Mikrotik, ukudluliselwa kwechweba kuyadingeka kaningi. Kodwa-ke, kubaphathi benethiwekhi, nabasebenzisi abangakulungele, isixazululo sale nkinga kaningi kunzima kakhulu. Okulandelayo umyalelo omfushane, okulandelayo ongakwenza kalula noma yikuphi ukusebenza kwalolu hlobo, noma kunjalo, kuzodingeka ucabange kancane.

Ilungiselela i-Mikrotik nge-port forwarding. Kungani lokhu kuyadingeka?

Ngaphambi kokuba uqhubeke nokulungisa i-router, kubalulekile ukuhlala kancane emigomeni yokudluliselwa kwechweba nokuthi yini esetshenziselwa konke lokhu.

Ukulungiselelwa okuzenzakalelayo kwe-Mikrotik ukuthi amakhompyutha akhona inethiwekhi yangaphakathi noma yangaphandle aboni amakheli e-IP abelwe ezinye terminals. Lapha ukulawulwa kwe-sock okuthiwa i-masquerade isetshenzisiwe, uma i-router ngokwayo ithatha indawo yekheli lomshini lapho lihlelwe yi-IP yalo yangaphandle, uma ithola isicelo, nakuba ivula ichweba elidingekayo. Kuvela ukuthi wonke amadivayisi axhunyiwe kwinethiwekhi, abone kuphela router, futhi phakathi kwabo ahlale engabonakali.

Kulesi sixhumanisi, kwezinye izimo zamadivayisi we-Mikrotik, ukudluliselwa kwechweba kuyadingeka ngokuphelele. Amacala ajwayelekile kakhulu:

• Inhlangano yokufinyelela okude kumadivayisi kwinethiwekhi ngokusekelwe kobuchwepheshe be-RDP;
• Ukudala umdlalo noma iseva ye-FTP;
• Inhlangano yamanethiwekhi aphakathi kwontanga nokusetha ukusebenza okulungile kwamaklayenti abafufusa;
• Ukufinyelela kwamakhamera namahlelo wokubhekwa kwevidiyo avela ngaphandle nge-intanethi.

Finyelela ku-interface esibonakalayo kuwebhu

Ngakho-ke, siyaqhubeka. Ama-router ama-Mikrotik, ukudluliselwa kwechweba (i-RDP, i- FTP, njll.) Iqala nge-logon ohlelweni lokuphatha idivayisi, olubizwa ngokuthi isikhombimsebenzisi sewebhu. Futhi uma kubomzila abaningi abaziwa njengamakheli ajwayelekile 192.168 ukuhlanganiswa ngokuphela kokungu-0.1 noma 1.1 asetshenzisiwe, lokhu okuhlukile akusebenzi lapha.

Ukuze uthole ukufinyelela kusiphequluli sewebhu (kungcono ukusebenzisa i-Internet Explorer ejwayelekile), inhlanganisela engu-192.168.88.1 inqunywe kubha yamakheli, umphathi ungena ensimini yokungena ngemvume, futhi umugqa wephasiwedi, njengomthetho, uhlala ungenalutho. Uma kwenzeka ukutholakala ngesizathu esithile kuvinjelwe (i-router ayamukeli ukungena ngemvume), kuzodingeka ukusetha kabusha izilungiselelo ngokuchofoza inkinobho efanele noma ukuxhuma idivayisi kusuka ekunikezeni amandla kwamasekhondi angu-10-15.

Izilungiselelo Ezijwayelekile kanye nezilungiselelo

I-interface ibhalwe. Manje into ebaluleke kunazo zonke: eMikrotik, ukudluliselwa kwechweba kusekelwe ekudalweni kwemithetho ebizwa ngokuthi ukukhipha umsebenzi we-Masquerade (okufana nokufaka esikhundleni samakheli e-IP, okukhulunywe ngenhla).

Kuzilungiselelo ezijwayelekile zesigaba se-Firewall / NAT, ungabona ukuthi umthetho owodwa usuvele ukhona. It isethwe njengenye yezilungiselelo factory. Ukudlulisela phambili endaweni ejwayelekile kuhlanganisa ukwengeza umthetho omusha ngokucindezela inkinobho ngesibonakaliso esengeziwe, emva kwalokho kuzodingeka ukuthi ugcwalise amasimu ambalwa ayisisekelo.

Izibonelo zamathangi asetshenzisiwe

Manje ake sibheke ezinye izibonelo zokusebenzisa amarekhodi. Kuye ngokuthi iyiphi imoto ngayinye evulekile ezosetshenziselwa, amanani angaba:

• Isifufula: tcp / 51413;
• I-SSH: i-tcp / 22;
• I-SQL Server: tcp / 1433;
• Iseva ye-WEB: tcp / 80;
• I-Telnet: i-tcp / 23;
• RDP: tcp / 3389;
• Inhlanzi: udp / 161 njll.

Lezi zindinganiso zizosetshenziselwa nje ukweqa i-port ngayinye.

Ukudala imithetho nokukhetha izenzo

Manje bakha umthetho omusha bese uqhubeka nokugcwalisa amasimu okuhlela. Lapha udinga ukuba uqaphele futhi uqhubeke ngokuqondile ukuthi yikuphi ukufinyelela okudingekayo ukuze uqalise (kusukela ngaphakathi noma ngokuphambene nalokho).

I-paramameters kufanele ibe:

• I-Chain: i-srcnat isetshenziselwa ukufinyelela kusuka kunethiwekhi yendawo, okushoyo, ezweni langaphandle, i-dstnat - ukuthola inethiwekhi yendawo kusuka ngaphandle (khetha inketho yesibili yokuxhumana okungenayo);
• Amakheli ekheli Src. Futhi iDst. Shiya okungenalutho;
• Esikhathini senkambiso, khetha noma i-tcp noma udp (ngokuvamile ihlelwe ku-6 (tcp);
• I-Src. I-Port ishiywa ingenalutho, isb. I-port ephumayo yokuxhumana kwangaphandle ayibalulekile;
• I-Dst. Port (port of destination): Cacisa ichweba lezibonelo ezingenhla (isibonelo, 51413 ngezifufula, i-3389 yeRPP, njll);
• Noma yiliphi i-Port lingashiywa lingenalutho, kodwa uma ucacisa inombolo, i-port eyodwa izosetshenziselwa kokubili njengengenayo nokungenayo;
• Ngaphakathi. Isikhombisi-ndlela: i-port of the router ngokwayo (ngokuvamile ether1-isango) ifakiwe;
• Ngaphandle. Isikhombisi-ndlela: sichaza isikhombimsebenzisi esiphumayo (singanqamuka).

Qaphela: uma kwenzeka ukudluliselwa kwechweba ukuxhumeka okukude kusuka ngaphandle (RDP) ensimini yeSrc. Ikheli lichaza i-IP yekhompuyutha eyikude okuhloswe kuyo ukufinyelela. I-port ejwayelekile yokuxhuma i-RDP yi-3389. Kodwa-ke, ochwepheshe abaningi abaphakamisi ukwenza lokhu ngoba kuphephe kakhulu futhi kulula ukumisa ku-router ye-VPN.

Ngokuqhubekayo kumzila we-Mikrotik, ukudluliselwa kwechweba kuthatha ukukhetha kwesenzo. Eqinisweni, lapha kunele ukucacisa imingcele emithathu kuphela:

• Isenzo: yamukela (ukwamukela okulula), kodwa ukuthola ukufinyelela kwangaphandle, i-dst-nat icacisiwe (ungacacisa ukulungiselelwa okuphezulu kakhulu kwe-netmap);
• Kumakheli: ikheli langaphakathi lomshini lapho ukuhlelwa kabusha kufanele kwenziwe khona kufakiwe;
• Emaphakheni: ngokujwayelekile, inani lihlelwe ku-80, kepha u-51413 uboniswa ukuze kusetshenziswe kahle okufanayo komfula.

Ilungiselela i-Mikrotik: Ukuthunyelwa kwe-Port FTP

Okokugcina, amagama ambalwa mayelana nokuthi yiziphi izilungiselelo ezizodingwa ku-FTP. Okokuqala, udinga ukulungisa isiphakeli se-FTP uqobo, isibonelo, ngokusekelwe ku-FileZilla, kodwa lena ingxoxo ehlukile. Kulesi simo, sinesithakazelo ekuthutheleni kwamaports we-FTP Mikrotik, hhayi ukucushwa kwesigaba sevava.

Kukholelwa ukuthi iseva le-FTP, nakuba lidinga ukucaciswa kwebala elithile lamachweba, kodwa lisebenza ngokugcwele esigodini sokulawula 21. Kufanele linikwe amandla.

Njengokwesimo esijwayelekile, okokuqala udinga ukwakha umthetho omusha, kuphela kule simo kuzoba khona ezimbili: i-port control kanye nayo yonke uhla lwamaports.

Nge-port 21, imingcele kufanele ibe:

• I-Chain: dst-nat;
• I-Dst. Ikheli: Ikheli langaphandle lomzila (isibonelo, 1.1.1.28);
• I-Protocol: 6 (tcp);
• I-Dst. I-Port: 21
• Ngaphakathi. Isikhombisi-ndlela: nesher1-isango.

Amagugu alandelayo asethelwe kuthebhu yesenzo se-Action:

• Isenzo: i-dst-nat;
• I-Dst. Ikheli: ikheli le-terminal lapho iseva ye-FTP efakwe khona;
• Kuya emachwebeni: 21.

Ukuze uthole ibanga (ngokwesibonelo, 50000-50050), zonke izinketho ziyafana ngaphandle kwemingcele emibili:

• Ezisethweni jikelele ze-Dst. I-Port ibonisa lonke uhla lwamapayipi;
• Uma ukhetha isenzo, ibanga elifanayo lihambisana nendawo ye-Ports.

Qaphela ukuthi uma uhlela ukuthunyelwa kwe-FTP, udinga ukulandela amadokhumenti we-router, futhi uthi akukhuthazwa ukusebenzisa umkhawulo wokuqala webanga lokungena ngaphansi kwenani le-1024. Leli phuzu kufanele libhekwe futhi.

Ngokusemthethweni, usengasebenzisa umsebenzi we-Hairpin NAT Mikrotik, kodwa kuyadingeka uma udinga ukungena i-IP yangaphandle kusuka kunethiwekhi yendawo. Ngokuvamile, akudingeki usebenze.